



# UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE  
United States Patent and Trademark Office  
Address: COMMISSIONER FOR PATENTS  
P.O. Box 1450  
Alexandria, Virginia 22313-1450  
[www.uspto.gov](http://www.uspto.gov)

| APPLICATION NO.                      | FILING DATE | FIRST NAMED INVENTOR | ATTORNEY DOCKET NO. | CONFIRMATION NO. |
|--------------------------------------|-------------|----------------------|---------------------|------------------|
| 10/551,674                           | 10/03/2006  | Richard Kabzinski    | 60136-0011          | 5546             |
| 29989                                | 7590        | 03/17/2011           |                     |                  |
| HICKMAN PALERMO TRUONG & BECKER, LLP |             |                      | EXAMINER            |                  |
| 2055 GATEWAY PLACE                   |             |                      | ZIA, SYED           |                  |
| SUITE 550                            |             |                      |                     |                  |
| SAN JOSE, CA 95110                   |             |                      | ART UNIT            | PAPER NUMBER     |
|                                      |             |                      | 2431                |                  |
|                                      |             |                      |                     |                  |
|                                      |             |                      | MAIL DATE           | DELIVERY MODE    |
|                                      |             |                      | 03/17/2011          | PAPER            |

**Please find below and/or attached an Office communication concerning this application or proceeding.**

The time period for reply, if any, is set in the attached communication.

|                              |                        |                     |  |
|------------------------------|------------------------|---------------------|--|
| <b>Office Action Summary</b> | <b>Application No.</b> | <b>Applicant(s)</b> |  |
|                              | 10/551,674             | KABZINSKI ET AL.    |  |
|                              | <b>Examiner</b>        | <b>Art Unit</b>     |  |
|                              | SYED ZIA               | 2431                |  |

-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --

#### Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed after SIX (6) MONTHS from the mailing date of this communication.
- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any earned patent term adjustment. See 37 CFR 1.704(b).

#### Status

1) Responsive to communication(s) filed on 04 January 2011.

2a) This action is **FINAL**.                    2b) This action is non-final.

3) Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under *Ex parte Quayle*, 1935 C.D. 11, 453 O.G. 213.

#### Disposition of Claims

4) Claim(s) 28-36 and 38-54 is/are pending in the application.

4a) Of the above claim(s) \_\_\_\_\_ is/are withdrawn from consideration.

5) Claim(s) \_\_\_\_\_ is/are allowed.

6) Claim(s) 28-36 and 38-54 is/are rejected.

7) Claim(s) \_\_\_\_\_ is/are objected to.

8) Claim(s) \_\_\_\_\_ are subject to restriction and/or election requirement.

#### Application Papers

9) The specification is objected to by the Examiner.

10) The drawing(s) filed on \_\_\_\_\_ is/are: a) accepted or b) objected to by the Examiner.  
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).  
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

#### Priority under 35 U.S.C. § 119

12) Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) All    b) Some \* c) None of:

1. Certified copies of the priority documents have been received.
2. Certified copies of the priority documents have been received in Application No. \_\_\_\_\_.
3. Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).

\* See the attached detailed Office action for a list of the certified copies not received.

#### Attachment(s)

|                                                                                      |                                                                   |
|--------------------------------------------------------------------------------------|-------------------------------------------------------------------|
| 1) <input checked="" type="checkbox"/> Notice of References Cited (PTO-892)          | 4) <input type="checkbox"/> Interview Summary (PTO-413)           |
| 2) <input type="checkbox"/> Notice of Draftsperson's Patent Drawing Review (PTO-948) | Paper No(s)/Mail Date. _____ .                                    |
| 3) <input type="checkbox"/> Information Disclosure Statement(s) (PTO/SB/08)          | 5) <input type="checkbox"/> Notice of Informal Patent Application |
| Paper No(s)/Mail Date _____ .                                                        | 6) <input type="checkbox"/> Other: _____ .                        |

## **DETAILED ACTION**

This office action is in response to amendment and remarks filed on January 4, 2011. The remarks filed have been entered and made of record. Claims 29-36 and 38-54 are pending.

### **Response to Arguments**

Applicant's arguments filed on January 4, 2011 have been fully considered but they are not persuasive because of the following reasons and newly applied art Hearn et al. (WO 03/003242):

The system of cited prior art teaches a system and method for promoting security method in computer system that involves partitioning portion of storage device to form security partition and limiting access to portion of storage device by operating system of computer. In that system a portion of storage device is partitioned to form a security partition, which has an authority record and data set associated with the authority record. An access to security partition of storage device is limited by the installed operating system of computer. Thibadeau :( Fig.1-4, col.4 line 37 to col.6 line 16). While Hearn teaches and describe a blocking unit (Fig.1 item 25 and Fig.2) configured for host CPU to impose and continuously maintain the requisite level of data access to security partition for users effecting the data access in accordance with the particular data access profile, regardless of subsequent operations of the CPU (Hearn: Fig.1 Item 35, Fig.2 and page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As a result, cited prior art does implement and teach a system that relates to securing access in a computer system. Applicants still have failed to explicitly identify specific claim limitations, which would define a patentable distinction over prior arts.

Therefore, the examiner asserts that cited prior art does teach or suggest the subject matter broadly recited in independent Claims and in subsequent dependent Claims. Accordingly, rejections for claims 29-36 and 38-54 are respectfully maintained.

### **Claim Rejections - 35 USC § 103**

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 29-36 and 38-54 are rejected under 35 U.S.C. 103(a) as being unpatentable over Thibadeau U. S. Patent 7,036,020 and further in view of Hearn et al. (WO 03/003242).

2. Regarding Claim 29, Thibadeau teaches and describes a security system for securing access to an operating system of a computer having at least a host central processing unit (CPU), a memory used by the host CPU to load programs from the operating system in order to operate the computer, a storage device for storing data to be used by the computer, and a chain of

components connecting the CPU to the storage device, the security system comprising: a security partition formed in the storage device, the operating system being stored in the security partition; and a security device comprising a hardware processor or controller for interpreting communication and selectively blocking to operating system data access between the host CPU and the security partition, wherein the blocking means are deployed along the chain of components that connect the CPU to the storage device wherein the security device's processor or controller is distinct from the host CPU (Fig.1-4, col.4 line 37 to col.6 line 16).

Although the system disclosed by Thibadeau shows all the features of the claimed limitation, but Thibadeau does not specifically disclose security device processor controller for selectively blocking access to operating system data between CPU and the security partition.

In an analogous art, Hearn, on the other hand, discloses a security device comprising a hardware processor or controller for intercepting communications and selectively blocking access to operating system data between the host CPU and the security partition, wherein the security device is deployed along the chain of components that connect the host CPU to the storage device, wherein the security device's processor or controller is distinct from the host CPU [Fig.1 Item 35, Fig.2 and page 15 line 2 to line 8, page 5 line 24 to page 17 line 8].

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention to combine the teachings of Thibadeau and Hearn, because Hearn method security device would not only promote further security structure and control in the system of Thibadeau during receiving data from user or devices but will also provide safeguards and imposing requisite level of data access to security partition for users from unauthorized access and misuse (page 35 line 28 to page 36 line 8).

3. Regarding Claim 42, Thibadeau teaches and describes a method for securing access to an operating system of a computer, comprising: forming a security partition in the storage device; storing the operating system in the security partition; and at a first component deployed along the chain of components connecting the host CPU to the storage device, intercepting communications and selectively blocking data access between the host CPU and the security partition; loading operating system data from the operating system into a random access memory; using one or more host central processing units (CPUs) to execute programs in the operating system based on the operating system data loaded into the random access memory; and intercepting communications and selectively blocking access to operating system data between the host CPUs and the security partition at a security device deployed along the chain of components connecting the host CPUs to the storage device, wherein the security device operates independent of the host CPU. (Fig.1-4, col.4 line 37 to col.6 line 16).

Although the system disclosed by Thibadeau shows all the features of the claimed limitation, but Thibadeau does not specifically disclose security device processor controller for selectively blocking access to operating system data between CPU and the security partition.

In an analogous art, Hearn, on the other hand, discloses a security device comprising a hardware processor or controller for intercepting communications and selectively blocking access to operating system data between the host CPU and the security partition, wherein the security device is deployed along the chain of components that connect the host CPU to the storage device, wherein the security device's processor or controller is distinct from the host CPU [Fig.1 Item 35, Fig.2 and page 15 line 2 to line 8, page 5 line 24 to page 17 line 8].

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention to combine the teachings of Thibadeau and Hearn, because Hearn method security device would not only promote further security structure and control in the system of Thibadeau during receiving data from user or devices but will also provide safeguards and imposing requisite level of data access to security partition for users (page 35 line 28 to page 36 line 8).

4. Claims 30-41 and 43-54 are rejected applied as above rejecting Claims 29, and 42. Furthermore, the system of Thibadeau and Hearn teaches and describes a system and method for securing access to an operating system of a computer, wherein:

As per Claim 30, each user of the computer has an associated access profile, each access profile comprising information indicative of the level of access to portions of the storage device permitted by a user, and the security device controlling access to the storage device by a user in accordance with the access profile associated with the user (col. 6 line 55 to col.8 line 35 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 31, the security system is arranged such that at least two different data access profiles are defined; one access profile ascribing read and write access to said security partition, and the other access profile not ascribing write access to said security partition (col.6 line 55 to col.8 line 35 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 32, said security device is independent and separately configurable of said host CPU (col.4 line 37 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 33, during operation of the operating system the security device is arranged to divert and write operating system files to a location different to the security partition so that normal operation of the operating system continues even though operating system files in the secure partition have not been updated (col.5 line 25 to col.6 line 16, and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 34, the security device is arranged to divert and write operating system files to a flash ROM (Fig.1-4, col.4 line 37 to col.5 line 50 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 35, the security system is arranged to divert and write operating system files to an invisible partition formed in the storage device (col.5 line 15 to col.6 line 16).

As per Claim 36, further comprising authentication means for authenticating a user of the computer and associating the user with a prescribed access profile, said security device controlling subsequent access to the security partition in accordance with the access profile associated with the user (col. 6 line 55 to col.8 line 35 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 38, said blocking means is configured to block all access by the host CPU to the storage device before initialisation of the security system, and to selectively permit access immediately after said initialisation in accordance with a respective access profile (col. 6 line 55 to col.8 line 35 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 39, said authentication means enables a software boot of the computer to be effected only after correct authentication of a user, and said security system permits normal loading of the operating system during the start up sequence of the computer following said

software boot (col.6 line 55 to col.8 line 35 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 40, said security device is a security device physically deployed between an interface adapter and the storage device within a data access channel of the chain of components connecting the host CPU and the storage device (col.4 line 37 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 41, said security device is integrated in a bridging circuit within the chain of components connecting the host CPU and the storage device or within the storage device (Fig.1-4, and col.4 line 37 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 43, further comprising associating each user with an access profile comprising information indicative of the level of access to portions of the storage device permitted by a user; and for each user, selectively blocking access between the host CPU and the security partition in accordance with the access profile defined for the user (col.5 line 25 to col.6 line 16, and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 44, further comprising defining at least two different access profiles, one access profile ascribing read and write access to data stored on said security partition, and the other access profile not ascribing write access to said security partition (col. 6 line 55 to col.8 line 35 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 45, further comprising authenticating a user of the computer, and associating the user with an access profile after successful user authentication (col.5 line 15 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 46, said selective blocking comprises controlling access between the host CPU and the security partition independently of the host CPU (col.4 line 37 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 47, said selective blocking comprises totally blocking access to the storage device by the host CPU during initialisation of the computer, and intercepting all said access immediately after said initialisation and before loading of the operating system of the computer (col.6 line 55 to col.8 line 35, and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8)).

As per Claim 48, including performing a software boot of the computer only after correct authentication of the user, and allowing normal loading of the operating system during the start up sequence of the computer after said software boot (col. 6 line 55 to col.8 line 35 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 49, further comprising diverting and writing operating system files to a location different to the security partition during operation of the operating system so that normal operation of the operating system continues even though operating system files in the secure partition have not been updated (col.5 line 25 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 50, the operating system files are diverted and written to a flash ROM (Fig.1-4, col.4 line 37 to col.5 line 50 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 51, the operating system files are diverted and written to an invisible partition formed in the storage device (Fig.1-4, col.4 line 37 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 52.including unalterably storing computer programs for effecting said controlling access in a location separate from the memory and not addressable by the host CPU (Fig.1-4, and col.4 line 37 to col.6 line 16 and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8).

As per Claim 53, the security device is a dedicated hardware device comprising a dedicated CPU for processing the intercepted communication and, based on the intercepted communications, determining whether to block data access between the host CPU and the security partition (col.4 line 45 to line 65, and col.9 line 13 to line 22, and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8)).

As per Claim 54, the security device is integrated into a bridging circuit comprising logic for processing the intercepted communications and, based on the intercepted communications, determining whether to block data access between the host CPU and the security partition (col.4 line 45 to line 65, and col.9 line 13 to line 22, and Hearn: page 15 line 2 to line 8, page 5 line 24 to page to page 17 line 8))..

### Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, **THIS ACTION IS MADE FINAL**. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. The examiner can normally be reached on 9:00 to 5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, William R. Korzuch can be reached on 571-272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see <http://pair-direct.uspto.gov>. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SZ  
March 9, 2011  
/Syed Zia/  
Primary Examiner, Art Unit 2431